Lucene search
+L

115 matches found

OSV
OSV
added 2018/01/19 5:29 p.m.5 views

CVE-2017-7325

Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open...

7.5CVSS5.8AI score0.01051EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/08/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8CVSS7.2AI score0.82339EPSS
Exploits5References1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Thunderbird email client, which allows a malicious actor to execute arbitrary code

Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, using a fragment of IDL to trigger a...

9.3CVSS7.5AI score0.82339EPSS
Exploits5References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.9 views

The vulnerability of the Firefox browser, which allows a malicious actor to execute arbitrary code

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger the...

9.3CVSS7.5AI score0.82339EPSS
Exploits5References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Firefox ESR browser, which allows a malicious individual to execute arbitrary code

The Mozilla Firefox ESR browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger a...

9.3CVSS7.5AI score0.82339EPSS
Exploits5References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to execute arbitrary code.

Mozilla SeaMonkey software contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger the...

9.3CVSS7.5AI score0.82339EPSS
Exploits5References5
CNVD
CNVD
added 2016/04/14 12:0 a.m.3 views

Apache Wicket Cross-Site Scripting Vulnerability (CNVD-2016-02205)

Apache Wicket is the United States Apache Apache Software Foundation , a set of open source , lightweight , component-based framework , which provides an object-oriented way to develop Web-based dynamic UI applications . A cross-site scripting vulnerability exists in Apache Wicket's...

6.1CVSS6AI score0.08207EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

MS IE 4.0/5.0,Outlook 98 0 window.open Redirect Vulnerability

No description provided by source. Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Outlook 98 0 window.open Redirect Vulnerability source: http://www.securityfocus.com/bid/766/info If window.open is called with ...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/03/19 5:26 p.m.10 views

Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29)

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8CVSS7.3AI score0.82339EPSS
Exploits5References5
ATTACKERKB
ATTACKERKB
added 2014/03/19 10:55 a.m.6 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8CVSS8AI score0.82339EPSS
Exploits5References16
RedHat Linux
RedHat Linux
added 2014/03/18 8:34 p.m.6 views

Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29)

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8CVSS7.3AI score0.82339EPSS
Exploits5References5
Prion
Prion
added 2011/08/10 9:55 p.m.18 views

Race condition

Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."...

7.6CVSS8.1AI score0.15279EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2009/09/09 11:49 p.m.4 views

firefox: URL bar spoofing vulnerability

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls th...

5.8CVSS7.4AI score0.04745EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/09/09 11:22 p.m.2 views

firefox: URL bar spoofing vulnerability

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls th...

5.8CVSS7.4AI score0.04745EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/09/02 12:0 a.m.20 views

Mozilla Products Address Bar Spoofing Vulnerability - Linux

Mozilla Products are prone to an address bar spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.3AI score0.00642EPSS
Exploits0References1
Rows per page
Query Builder